Malware

Question

possible virus

Thanks if anyone can help. Laptop running XP Home gets the error message "Error loading c:\WINDOWS\system32\qtyunrrk.dll the specified module can not be found". I press OK and XP loads fine, but I am unable to connect to the internet; it attempts to load "go.microsoft.com/fwlink/?LinkId=74005". Unable to change to any other homepage. Anyone any ideas?

All Answers

You can try this

Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

Removing malware from System Restore points

To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

Classic Start Menu

XP: If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

Vista: Start, right mouse click Computer and select Properties. Select Advanced System Properties, click Continue and then System Protection. Untick the box next to Local Disk C: and click on Turn System Restore off.

After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install: mbam-rules (http://malwarebytes.gt500.org/mbam-rules.exe)

I would keep scanning with it until it is clean by closing out and rebooting and running it again.

From another PC, download and install Spybot, update it and copy the installed folders to a USB stick.

Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.

With the new strains of virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files' extension from .exe. Do the same with Spybot.

Also run this rootkit revealer, GMER: Gmer (http://www.gmer.net/index.php)

Step 1: Click the Start button and select Run. Now type the following text in that Run box and press Enter:

notepad c:\WINDOWS\system32\drivers\etc\hosts

Step 2: You will see a new Notepad window on your screen containing some information. You should have a single entry of 127.0.0.1 localhost. If there are any other entries in there, it means that those sites are being blocked and it is probably due to an infection. Unless you made the extra entries, delete them all but 127.0.0.1 localhost.

Update your Antivirus software.

Keep us informed as to your progress if you require further assistance.

And clean the registry

The error you are currently getting is for a bit of malware that is gone, whether your AV got it or it has changed names. The programs Jacky mentioned should find these registry keys, but sometimes I find them left over.

The malware you have/had attached itself to winlogon, and Windows thinks it needs this to boot.

Possible Malware

It's not a valid XP file and definitely reeks of "randomly-generated-file" - most likely some sort of malware. It is possible that your AV software took care of the bugger (or part of it), but didn't clean the registry properly. One might also need to take a look at the "hosts" file located under C:\WINDOWS\system32\drivers\etc. You can open it with a text editor like Notepad.

Anything weird other than what you mentioned?

A standard hosts file looks like this:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
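The hosts-file check described in Step 2 and in the post above, as an added example that is not part of any poster's reply: a Python script that lists every active entry other than localhost and reports whether the name is blocked (mapped to the local machine) or redirected to another address. The sample entries, the function names and the allowance for `::1 localhost` (the extra default line on Vista) are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample: stock comment lines plus entries of the kind Step 2 warns about.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # constructed: update host sinkholed
203.0.113.7     www.bank.example search.example
not-an-ip       broken.example
"""

# Entries treated as normal. "::1 localhost" is an assumption added for Vista.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping; comments are ignored."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing and whole-line comments
        if not body:
            continue
        ip, *names = body.split()
        for name in names or [""]:            # an address with no name is still reported
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Return (line_no, hostname, reason) for every entry that is not the expected default."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in EXPECTED:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, "malformed"))
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; anything else sends it elsewhere.
        reason = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((line_no, name, reason))
    return findings

if __name__ == "__main__":
    # Pass the path to a hosts file, or run with no argument to audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, reason in audit_hosts(text):
        print(f"line {line_no}: {name or '(no hostname)'} is {reason}")
```

Run it against a copy of C:\WINDOWS\system32\drivers\etc\hosts taken from the affected machine; a clean file produces no output.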
